Asuswrt-Merlin Serving IPV6 Router IP Instead of IPV6 DNS Server IP F/W 384.19


sunbob00

New Around Here
Currently, I have replaced the router's IPV6 ip address with the IPV6 ip address of my DNS server (a Pi-Hole) and it is working although not as designed I believe. Here are my IPV6 settings:
1603675518790.png
 

sunbob00

New Around Here
Sorry, I did not mean to be vague. Once I substituted the IPV6 address of the DNS Server into the LAN IPV6 address location (rather than leaving in the Router's LAN IPV6 address), it then seems to populate into the IPV6 DNS Server IP address on the IPV6 devices registering on the Router's network.
 

SomeWhereOverTheRainBow

Very Senior Member
Sorry, I did not mean to be vague. Once I substituted the IPV6 address of the DNS Server into the LAN IPV6 address location (rather than leaving in the Router's LAN IPV6 address), it then seems to populate into the IPV6 DNS Server IP address on the IPV6 devices registering on the Router's network.
here is a real test, try this test

here is an example of my test
1603686791468.png
 

SomeWhereOverTheRainBow

Very Senior Member
Currently, I have replaced the router's IPV6 ip address with the IPV6 ip address of my DNS server (a Pi-Hole) and it is working although not as designed I believe. Here are my IPV6 settings:
View attachment 27171
How do you have your pihole configured? Is it acting as DHCP+DNS, or is the router acting as DHCP + Pihole DNS? What do your settings look like within the pihole menu?

In my conditions, the router acts as DHCP, handing out Pihole as DNS. From your posted settings, it looks like you are attempting to have pihole act as DHCP+DNS. In this case, how do you have the router properly allocating its IPv6 to PiHole so that pihole hands out IPv6 addresses? From the looks of it, it seems like you have told the router to handle IPv6, but have disabled the DHCP-PD. I am not quite sure you are getting a stable IPv6 connection to your clients.
 

N/A

Occasional Visitor
Currently, I have replaced the router's IPV6 ip address with the IPV6 ip address of my DNS server (a Pi-Hole) and it is working although not as designed I believe. Here are my IPV6 settings:
View attachment 27171
Currently the webui only allows you to enter two IPv4 DNS servers and always advertises the router's IPv6 address to clients as DNS, even if the "Advertise router's IP in addition to user-specified DNS" option is off.
A JFFS script is needed to advertise a custom IPV6 DNS to DHCP clients. It works but it took me a while to find the script.
I posted a feature request 2 months ago but no one replied at all. If you don't mind would you please reply under that post so maybe Merlin can see it? post link
Here is the script
Bash:
#!/bin/sh
# $1 is the dnsmasq config file passed to the postconf script
sed -i "s/dhcp-option=lan,option6:23,.*/dhcp-option=lan,option6:23,[YOUR PI-HOLE IPV6 ADDRESS]/" "$1"
Put it in dnsmasq.postconf by following this wiki post Github Wiki
 

Jimmy9

New Around Here
I am on 384.19 and struggled with this issue all day. Your post helped me a lot. But I can't get these postconf scripts to work.

Tried in /jffs/scripts and /jffs/config. Tried with naming dnsmasq.conf.add but it adds the whole script to the dnsmasq.conf file, so I add just the line
Code:
dhcp-option=lan,option6:23,[ipv6 address of DNS server]
and it adds to the bottom of the dnsmasq.conf file, but doesn't remove the original/default option. Dnsmasq runs without error and my DNS via DHCP finally works, but I am not sure about leaving it this way.

Is there a bug that always uses the router DNS in DHCP?
Is there a bug in using the postconf, or am I just doing it wrong?

Many thanks
 

dave14305

Part of the Furniture
The firmware always serves the router IP as the IPv6 DNS server, and uses the 3 DNS fields in the IPv6 tab to define the upstream IPv6 WAN DNS servers used by dnsmasq.
 

Jimmy9

New Around Here
Yep, but if you do not want the router to be your DNS server, e.g. running PIHOLE, then it appears that the webgui doesn't support it, only a change to the conf file, and this is fine...if only I could make the change effectively...I can't seem to get the postconf part right.
 

Jimmy9

New Around Here
Hope this helps someone else.
I used nano to create the dnsmasq.postconf file and it wouldn't work, so I ran dos2unix dnsmasq.postconf and it worked.
 

N/A

Occasional Visitor
Glad it works for you. I don't know why you would need dos2unix since I pasted it as a bash script. Enjoy your Pi-Hole with IPv6.
 

heysoundude

Very Senior Member
Yep, but if you do not want the router to be your DNS server, e.g. running PIHOLE, then it appears that the webgui doesn't support it, only a change to the conf file, and this is fine...if only I could make the change effectively...I can't seem to get the postconf part right.
Why don't you? For everything you're trying to accomplish with PiHole, you're basically undoing by not being your network's DNS.
 

N/A

Occasional Visitor
Why don't you? For everything you're trying to accomplish with PiHole, you're basically undoing by not being your network's DNS.
If the router advertises itself as DNS through DHCP and uses Pi-Hole as upstream DNS, then on the Pi-Hole chart there is going to be only a single client which is the router representing all the devices.
If the router advertises Pi-Hole as DNS through DHCP, then each device is a separate client on the Pi-Hole chart which is very helpful for blacklisting/whitelisting.
 

SomeWhereOverTheRainBow

Very Senior Member
Here is my setup.
1603844736197.png

1603844811184.png

1603844945725.png

1603844879025.png

On the page above I add the LAN IPv6 address of the router for the DNS settings of the pihole.
Also notice I name a conditional forwarding for a local domain; this is important to see the device names in the statistics of the pihole.
1603845243350.png

In my case pihole is 192.168.1.14. I have 19 devices that reside outside of the DHCP range. My IP range starts at 192.168.1.20.
Make sure to add pihole as a static to your IP range list.
 

SomeWhereOverTheRainBow

Very Senior Member
This is where we add the device as a static IP. Notice how I put it outside the IP pool range and I tell the router not to advertise the router's IP DNS.
1603845454957.png

These are my wan settings
1603845568164.png

I use the router's DoT+DNSSEC.
 

SomeWhereOverTheRainBow

Very Senior Member
1603847872988.png

This page above is where I get the router IPv6 address that I place inside the pihole DNS settings page.
The rest is done in SSH client.
nano /jffs/scripts/dnsmasq.postconf
copy and paste
Code:
#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
pc_replace "dhcp-option=lan,option6:23,[::]" "dhcp-option=lan,option6:23,[IPV6 address of pihole]" "$CONFIG"
Next
chmod 755 /jffs/scripts/dnsmasq.postconf
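
As an added example (not part of any post in this thread), here is a dnsmasq.postconf-style script that handles the two problems reported above: the router's option6:23 line surviving when the new one is only appended, and a script saved with CRLF line endings. The address 2001:db8::53 and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. PIHOLE6 is a constructed placeholder
# from the 2001:db8::/32 documentation prefix; use your Pi-hole's address.
PIHOLE6="2001:db8::53"

# True if the file has carriage returns (CRLF endings). A "#!/bin/sh\r"
# first line names an interpreter that does not exist, so the script fails.
has_crlf() {
    cr=$(printf '\r')
    grep -q "$cr" "$1"
}

# Number of DHCPv6 DNS-server lines (option6:23) for tag "lan" in a config.
count_v6_dns() {
    grep -c '^dhcp-option=lan,option6:23,' "$1"
}

# Leave exactly one option6:23 line for tag "lan", advertising address $2.
# Existing lines are deleted first, so the router's own entry cannot
# survive next to the new one (the dnsmasq.conf.add symptom).
set_v6_dns() {
    conf=$1
    addr=$2
    case $addr in
        ''|*[!0-9A-Fa-f:]*) echo "rejected address: $addr" >&2; return 1 ;;
        *:*) ;;                       # hex digits and at least one colon
        *) echo "rejected address: $addr" >&2; return 1 ;;
    esac
    tmp="$conf.tmp.$$"
    sed '/^dhcp-option=lan,option6:23,/d' "$conf" > "$tmp" || return 1
    printf 'dhcp-option=lan,option6:23,[%s]\n' "$addr" >> "$tmp"
    cat "$tmp" > "$conf" && rm -f "$tmp"   # keep the original file's mode
}

# The postconf script receives the generated config path as $1.
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    set_v6_dns "$1" "$PIHOLE6"
fi
```

From the SSH session, `has_crlf /jffs/scripts/dnsmasq.postconf` can be run after saving the file to check its line endings, and `count_v6_dns` on the generated config should report 1.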
 

SomeWhereOverTheRainBow

Very Senior Member
On the raspberry pi, you can edit something called
/etc/dhcpcd.conf
This file can be manipulated via ssh and nano editor.
Your goal is to define static IP addresses for your IPv4 address and IPv6 address.
Here is an example of what mine looks like:
Code:
# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.

# Allow users of this group to interact with dhcpcd via the control socket.
#controlgroup wheel

# Inform the DHCP server of our hostname for DDNS.
hostname

# Use the hardware address of the interface for the Client ID.
clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
# Some non-RFC compliant DHCP servers do not reply with this set.
# In this case, comment out duid and enable clientid above.
#duid

# Persist interface configuration when dhcpcd exits.
persistent

# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit

# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Respect the network MTU. This is applied to DHCP routes.
option interface_mtu

# Most distributions have NTP support.
#option ntp_servers

# A ServerID is required by RFC2131.
require dhcp_server_identifier

# Generate SLAAC address using the Hardware Address of the interface
#slaac hwaddr
# OR generate Stable Private IPv6 Addresses based from the DUID
slaac private

# Example static IP configuration:
# My pihole is setup to eth0
interface eth0
static ip_address=[IPV4 Address of the Pihole]/24
static ip6_address=[IPV6 Address of the Pihole]/64
static routers=192.168.1.1
static domain_name_servers=192.168.1.1 [place routers lan IPV6 address]
Any place where I put [ ], these are places that you need to add correct values to.
 

Jimmy9

New Around Here
Does the DNS filter in router mode direct all DNS, including IPv6 and DoH, to the DNS server LAN DHCP setting?
Does the Custom DNS 1 in DNS Filter override the DNS Server specified in the LAN DHCP setting?

Is there anywhere I can view all of the LAN IPv6 hosts? I've tried using stateless and stateful but I can't find a table like the hosts file of all of the IPv6 hosts. It would be great if these could be looked up from pihole in the same way IPv4 can using conditional forwarding. Not a huge deal though.
 

SomeWhereOverTheRainBow

Very Senior Member
Does the DNS filter in router mode direct all DNS, including IPv6 and DoH, to the DNS server LAN DHCP setting?
Does the Custom DNS 1 in DNS Filter override the DNS Server specified in the LAN DHCP setting?

Is there anywhere I can view all of the LAN IPv6 hosts? I've tried using stateless and stateful but I can't find a table like the hosts file of all of the IPv6 hosts. It would be great if these could be looked up from pihole in the same way IPv4 can using conditional forwarding. Not a huge deal though.
It only works with IPv4. The asuswrt firmware lacks the ip table integrity to support IPv6 DNS redirect. (Basically DNS filter was not an intended firmware function. It is exclusive to Merlin-Asuswrt firmware; it was added with no changes to the actual iptables provided by stock.)
 
